Netgate Discussion Forum

Cannot ping or access remote network

9 Posts 3 Posters 1.4k Views
  • S
    sinmok15
    last edited by Feb 23, 2018, 9:48 AM

    Hi all,

    We're having trouble accessing remote machines over pfSense. We have the OpenVPN tunnel established without problem, but our office network cannot ping the local machines on the remote side. Both sides are running pfSense.

    Our setup is fairly simple:

    Datacenter network - Running pfSense (OpenVPN server). Has a NIC mounted to the 10.10.0.0/24 network. Can only ping IPs on the 10.10.0.0 network

    Office network - Running pfSense (OpenVPN client). Regular office networking running on 192.168.1.0/24 network. Can only ping IPs on the 192.168.1.0 network

    The issue we're having is that our office network is not able to ping or communicate with any remote machines running on the 10.10.0.0 network.

    I've checked the routes on both local and remote sides and it looks correct.

    See:

    Office network routes https://i.imgur.com/1BhI01U.png
    Office network cfg https://i.imgur.com/H9LVi57.png

    Remote network routes https://i.imgur.com/5SRE0P0.png
    Remote network cfg https://i.imgur.com/p0lwJeV.png

    OpenVPN firewall settings office network https://i.imgur.com/sMt0z8D.png
    OpenVPN firewall settings remote network https://i.imgur.com/8qLP3hX.png

    Some other useful info:

    • The remote network IPs are statically set. There are no default gateways or DHCP involved for the internal private network (10.10.0.0)

    • I have tried turning off the firewall completely on a remote machine with no luck

    • The remote network is technically a virtual network, but there is no VLAN id

    Any help would be greatly appreciated.

    Thanks

    • V
      viragomann
      last edited by Feb 23, 2018, 11:10 AM

      In the datacenter OpenVPN config you have to set office network (192.168.1.0/24) in the "Remote networks" field.
      The local datacenter network makes no sense here.

      • S
        sinmok15
        last edited by Feb 23, 2018, 5:46 PM

        @viragomann:

        In the datacenter OpenVPN config you have to set office network (192.168.1.0/24) in the "Remote networks" field.
        The local datacenter network makes no sense here.

        I've made the update and can now ping the internal IP of the data centre pfSense machine (10.10.0.4) from my workstation (192.168.1.144), but I still cannot ping outside of that machine (10.10.0.5, 10.10.0.6, etc.).

        If it helps, I'm using the Peer to peer (shared key) method?

        Thanks

        • M
          moikerz
          last edited by Feb 23, 2018, 6:00 PM

          That is probably because most software firewalls only respond to devices on the same network (i.e., your 10.10.0.0 network will only respond to pings from 10.10.0.0). So your pings from 192.168.1.0 are being blocked. Update each remote network's firewall rules appropriately.

          • S
            sinmok15
            last edited by Feb 23, 2018, 6:47 PM

            Definitely not the firewall. ICMP packets are set to allow from everywhere in Windows Firewall.

            • M
              moikerz
              last edited by Feb 23, 2018, 6:57 PM

              The pfSense firewalls look ok, albeit a little redundant (like the remote end is allowing IPv4-* and IPv4-TCP and IPv4-TCP/UDP, when just IPv4-* is sufficient). But I'm wondering why the rules all show "0/0B" for their states - those rules have not received any data whatsoever.

              • V
                viragomann
                last edited by Feb 24, 2018, 10:49 AM

                The pfSense boxes have to be the default upstream gateway on both sites.
                If that is not given, you need either a static route for the remote network on each device which should communicate with it, or you must NAT the packets on pfSense.

                • S
                  sinmok15
                  last edited by Feb 26, 2018, 10:16 AM

                  @viragomann:

                  The pfSense boxes have to be the default upstream gateway on both sites.
                  If that is not given, you need either a static route for the remote network on each device which should communicate with it, or you must NAT the packets on pfSense.

                  The remote boxes have a default upstream gateway already to a WAN address. I was under the impression that having two default gateways on a box was a really bad idea.

                  How do I go about setting up NAT? I'm not sure which values I need to set on both sides.

                  • V
                    viragomann
                    last edited by Feb 26, 2018, 11:35 AM

                    So the pfSense local network address 10.10.0.4 is not set as default gateway on the remote machines?
                    You have garbled the vtnet0 address, so I assume it will be a public one, isn't it?

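The return-path problem viragomann describes, as an added example that is not part of the original thread: a longest-prefix-match lookup over a datacenter host's routing table shows where its ping reply goes as-is, with a static route, and with NAT on pfSense. The WAN gateway 203.0.113.1 is a constructed placeholder, and the host routing tables are assumptions built from the posts above (static 10.10.0.0/24 address, default gateway on the WAN side).

```python
import ipaddress

VPN_GW = "10.10.0.4"         # datacenter pfSense LAN address (from the thread)
WAN_GW = "203.0.113.1"       # constructed placeholder for the hosts' WAN default gateway
OFFICE_PC = "192.168.1.144"  # office workstation (from the thread)

def next_hop(routes, dst):
    """Longest-prefix match; returns the gateway, or 'on-link' for connected nets."""
    dst = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), gw) for net, gw in routes
               if dst in ipaddress.ip_network(net)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def reply_reaches_tunnel(routes, seen_src):
    """True if the host's reply to seen_src is handed to the pfSense LAN address."""
    hop = next_hop(routes, seen_src)
    # An on-link reply only helps when the source the host saw is pfSense itself (NAT case).
    return hop == VPN_GW or (hop == "on-link" and seen_src == VPN_GW)

# Assumed table of a datacenter host such as 10.10.0.5: connected LAN, default via WAN.
HOST_AS_IS = [("10.10.0.0/24", "on-link"), ("0.0.0.0/0", WAN_GW)]
# Same host with a static route for the office network via pfSense.
HOST_STATIC = HOST_AS_IS + [("192.168.1.0/24", VPN_GW)]

def scenarios():
    return {
        # Reply to 192.168.1.144 follows the default route to the WAN and is lost.
        "as-is": reply_reaches_tunnel(HOST_AS_IS, OFFICE_PC),
        # The more specific /24 route wins over the default route.
        "static route": reply_reaches_tunnel(HOST_STATIC, OFFICE_PC),
        # With NAT on pfSense the host sees 10.10.0.4 as the source, which is on-link.
        "nat on pfSense": reply_reaches_tunnel(HOST_AS_IS, VPN_GW),
    }

if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name:15} reply returns via {VPN_GW}: {ok}")
```

The same lookup explains why 10.10.0.4 itself answered after the "Remote networks" fix: pfSense holds the route to 192.168.1.0/24, while the hosts behind it do not.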